Solved

Remote access and secure data exchange

Posted on 2013-06-21
7
460 Views
Last Modified: 2013-06-24
Hi guys
Hope you can me out. I'm looking for some guidance on the following scenario.
My company recently went into partnership with a company that have Point of Sale systems and servers. My company want to retrieve data on POS and server and connect the figures to our financial system at head-quarters.

Issue number 1: We currently to not have control of POS and Servers. We do not software, anti-virus, patching etc on those machines as they are managed by other consultants.
Our application guys just want to create VPN between sites and allow those system to communicate through our firewall over specific ports. I don't think this is the best way to proceed.

Issue number 2: Headquarters want to access the POS to manage or troubleshoot systems on occasion. Would GotoAssist, NetSupport or WebEx be secure viable solutions for this?

Thank you in advance for your help. Any guidance for people that went through these types of things would relieve some stress over here...

CP
0
Comment
Question by:CProp
  • 3
  • 3
7 Comments
 
LVL 16

Assisted Solution

by:Michael Ortega (Internetwerx, Inc.)
Michael Ortega (Internetwerx, Inc.) earned 250 total points
ID: 39267518
What POS are you referring to? Some POS systems have tools already developed to export financial data natively.

Lots of different ways to administer your systems. Bomgar and CommandCenter are appliance based systems that even target the POS/KIOSK markets.

MO
0
 
LVL 32

Accepted Solution

by:
aleghart earned 250 total points
ID: 39268892
Not sure why you think a VPN is a bad idea.  It's far better than any transmission over the internet.  You can also use the VPN tunnel for remote access in a secure manner.  No ports open to internet.

If you have a lot of units and techs, than a cost-effective tool is ScreenConnect.  For $3,000 you get an unlimited server license for any number of endpoints and techs and open sessions.  Any of the other tools will cost that much for just 2 or 3 techs.

I ran a demo server.  Remote connections were faster and clearer than TeamViewer, which is already faster and clearer than GoTo__, LogMeIn, and WebEx.

You can white-label or private-brand the server GUI.  Using MS Windows & Internet Explorer from the tech's workstation is the best experience.  You can scale the user's screen quickly.  No scrolling.  Multiple monitors are fine too.

I used it to connect to a workstation with a vertical 1920x1080 monitor plus a 2MP horizontal monitor.  The clarity was impressive.  Could see x-ray images without a lot of artifacting or banding.
0
 

Author Comment

by:CProp
ID: 39269566
This is a good starting point for me
To answer the questions:
- The POS system is Pro-ShopKeeper from Club Prophet Systems.

Just a bit of clarification, I don't think the VPN is a bad idea per say. Encrypted tunnel is a good thing between 2 trusted sites.
I'm hesitant about doing this with a site where we don't control the end-point and the users that use those systems. They might install malware from malicious websites and VPN tunnel would be a vector into our organization.

Looking foward to your response

CP
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 32

Expert Comment

by:aleghart
ID: 39269587
Tunnel can be limited at either end, and by service/port.  So, you could have access to their /24 network, and limit them to just your remote control server or patch server, etc.
0
 

Author Comment

by:CProp
ID: 39270090
Maybe you are right. I might just being overly paranoid on that front.
I was looking at scenario about a malicious application that  tunnel through that service/port?
I know my boss will ask about that and I'm not sure about the risk.
Things like an reverse proxy or application firewall for deep packet inspection?

CP
0
 
LVL 32

Expert Comment

by:aleghart
ID: 39270173
If you limit your endpoint to port 1001 at 10.0.0.1, then the only exposure is that host on only port 1001.  Attempts to reach any other host or any other port will be blocked by your VPN policy.

If any other party tries to make a VPN connection, they would need the correct tunnel config and pre-shared key...and would have to have an IP address that matches your policy.

If you ever need to disconnect a client, or decide to cease operations with a customer, either end can disable the tunnel, and there will be zero access.
0
 

Author Closing Comment

by:CProp
ID: 39272310
Thanks guys, I really appreciated the quick response on this topic.

Chris
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How Resolve Word 2011 Office-Database Error in Mac OS X 10 57
powershell code to list items in dropdown 6 60
use lov values 2 49
Review of a VPN cert policy 4 27
Ensuring effective and secure communication in the age of healthcare BYOD.
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question